Technical and Organizational Measures (TOMs) – Data Protection Summary

Effective Date: 19 June 2025
Company Name: Takaaf for Events and Conferences Co. L.L.C S.O.C
Prepared by: Andreanne Yaghi, Founder

1. Access Control & Account Security

All company systems (email, file storage, registration platforms) are secured with strong passwords and multi-factor authentication (MFA).

Only the company founder has administrative access to cloud storage, financial tools, and registration data.

No data is shared with third parties without necessity and proper safeguards.

2. Data Storage & Hosting

Personal data is stored in secure, cloud-based platforms such as Google Workspace, Ticket Tailor, and Stripe, which comply with relevant data protection regulations (e.g., GDPR, PCI DSS).

No personal data is stored on local devices without encryption.

3. Data Minimization & Purpose Limitation

Only data necessary for event delivery (e.g., name, contact details, dietary needs) is collected.

Data is used exclusively for the purpose of event management, sustainability reporting, and post-event communications.

4. Incident Response

Takaaf commits to investigating and responding promptly to any data breaches or unauthorized access.

Any incidents will be documented, affected parties notified, and corrective measures implemented.

5. Confidentiality & Training

As a single-person company, data handling is centralized and managed by the founder, who ensures all systems follow secure practices.

If third-party contractors are engaged, they are briefed on data protection responsibilities and required to follow secure processes.